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function is a longjmp. 

REMARKS 

This is a full and timely response to the final Office Action mailed October 14, 2008. 
Reconsideration and allowance of the application and presently pending claims are respectfully 
requested. 

Telephone Conversation With Examiner 

Examiner Schmidt is thanked for the telephone conversation conducted on December 17, 
2008. Proposed claim amendments were discussed. Cited art was discussed. Although it 
appears that the proposed claim amendments overcome the rejections based on the cited art, no 
agreements were reached. 

Present Status of Patent Application 

Claims 1, 2, 6, 10, 1 1, 14, 15, 19, 20, 23, 28, 37-41, and 43-51 are now pending in the 
present application. Claims 1, 10, 15, 19, 23, 28, 37-41, and 43-49 are currently amended 
without introduction of new matter; claims 2 and 20 are original claims; claims 6 and 1 1 are 
previously presented; claims 3-5, 7-9, 12-14, 16-18, 21-22, 24-27, 29-36, and 42 are cancelled 
without prejudice, waiver, or disclaimer; and claims 50-5 1 are new claims that are submitted 
without introduction of new subject matter. Reconsideration and allowance of the application 
and presently pending claims are respectfully requested. 

Claim Objections 

Statement of the Objection 

Claims 5-6 are objected to because of the following informalities: The examiner notes 
claims 5 and 6 are duplicate claims that depend off of claim 1. Appropriate correction is 
required. 

Response to the Objection 
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In response to the objection, Applicants have currently canceled claim 5 and respectfully 
request withdrawal of the objection to pending claim 6. 

Claim Rejections under 35 U.S.C. $112 
Statement of the Rejection 

Claims 38-39, 40, 42-43, 44, 46-48, and 49 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

Claims 38-39. 40. 42-43. 44. 46-48. and 49 

The examiner notes claims 38-39, 40, 42-43, 44, 46-48, and 49 are rejected under 35 
U.S.C. 112, second paragraph for being indefinite. Claims 38-39, 40, 42-43, 44, 46-48, and 49 
all depend off of a cancelled claim(s) (e.g. 38-39 depend on canceled claim 3, etc). Therefore for 
the purpose of examination the examiner will interpret these claims to depend off of their 
respective independent claims (1, 10, and 19). 

Response to the Rejection 

Applicants have opted to cancel claim 42 and to appropriately amend claims 38-40, 43, 
44, 46-48, and 49 in order to address the shortcoming identified in the Office action. 
Consequently, Applicants respectfully request withdrawal of the rejection under 35 U.S.C. 1 12, 
followed by allowance of pending claims 38-40, 43, 44, 46-48, and 49. 

Claim Rejections under 35 U.S.C. §103 
Statement of the Rejection 

Claims 1, 5-6, 10, 14-15, 19, 28, 31, 33-34, and 36-49 are rejected under 35 U.S.C. 
103(a), as best understood, as being unpatentable over Lueh (US 6,658,657 Bl) in view of 
Richarte, Gerardo. "Four different tricks to bypass Stackshield and StackGuard protection" 

Response to the Rejection 

Applicants recognize that the claim numbers identified in the statement above contain a 
typographical error in that they do not match the claims referred to in the text of the rejection 
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(e.g. claims 2, 1 1, 20, 23 etc.). Also, it appears that the list of rejected claims in the Summary 
sheet of the Office action may contain some errors (claims 4, 37-49 etc) as well. Applicants have 
provided above a list of currently pending claims for purposes of clarification. 
Claim 1 

Applicants have opted to currently amend rejected independent claim 1 in order to move 
forward prosecution in the case by elaborating on the term "identifier" as incorporated in the 
claim. Attention is respectfully drawn to page 5 of the current Office action wherein it is alleged 
that the cited reference of Richarte discloses "executable code which is marked with a canary 
(e.g. identifier) for runtime protection." Applicants acknowledge that Richarte does indeed 
disclose runtime protection using a canary in the form of a constant "OxOOOaffDd" that is pushed 
into his stack. Protection against buffer overflow attacks is provided by checking to see if the 
value of the constant (the canary) has been changed as a result of an attack. Richarte describes 
this aspect in his pages 5-6 (under StackGuard protection) as follows: "A standard stack based 
buffer overflow attack would change the return address, and on its way will overwrite the 
canary, so, unless we write the right value in the canary the check in the epilog will fail and 
abort the program." 

In contrast, Applicants' claim 1 is directed at using an identifier as a flag to indicate that 
runtime protection has been provided in a portion of executable code. In other words, unlike 
Richarte whose canary itself is used to check for attacks, the identifier of Applicants' claim 1 is 
not used directly to check for attacks. Instead, Applicants' identifier is used to indicate the 
presence of runtime protection (in the form of a valid target address located in an object code). 

It may also be pertinent to point out that in addition to disclosing the use of a canary 
(StackGuard protection), Richarte further discloses an alternative approach (in place of using a 
canary) wherein a process of return address verification is used. This is described in his section 
2.3 titled "StackShield protection". 

In this connection, Richarte discloses certain differences between StackShield and 
StackGuard. Specifically in his page 6, section 2.3, Richarte teaches: "An implementation 
difference is that StackShield takes as input assembler files (.s) and produces as output 
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assembler files, StackGuard is implemented as a modification to gcc, and as a result, takes as 
input C source files, and produces binary objects." Consequently, it can be understood that the 
canary approach (looking for changes in the canary) and the return address approach (looking for 
changes in a return address) are two parallel and distinct approaches that are selected depending 
on the nature of the application. 

In light of the remarks above, Applicants respectfully submit that Richarte does not 
reasonably teach or suggest the identifier cited in Applicants' claim 1 . Nonetheless, in the 
interest of moving forward prosecution in the case, Applicants have currently amended the 
claim, which now recites in pertinent part: "an identifier indicating that the executable code 
comprises an object file containing a list of valid target addresses for use in implementing 
runtime protection" This aspect has been described in Applicants' original specification for 
example in paragraph [0036]. One of ordinary skill in the art can recognize that the functionality 
of Applicants' identifier is distinctly different from that of Richarte 's canary. 

In summary, Applicants respectfully submit that cited references of Lueh and Richarte, 
individually and/or combinedly, fail to teach or suggest various aspects of Applicants claim 1 
thereby making the claim allowable at least in currently amended form. Consequently, 
Applicants request withdrawal of the rejection followed by allowance of the claim. 

Claims 2, 6, 37-40 

Applicants respectfully submit that claims 2,6, and 37-40 are allowable for at least the 
reason that these claims are dependent on allowable claim 1 . Consequently, Applicants 
respectfully request withdrawal of the rejection followed by allowance of these claims. 

Claims 5, 31, 33, 34, 36, and 42 

Applicants have currently canceled claims 5, 31, 33, 34, 36 and 42 and respectfully 
submit that the rejection of these claims has been rendered moot as a result of the cancellation. 
Claim 10 

Applicants have opted to currently amend rejected independent claim 10 in order to move 
forward prosecution in the case. As amended, the claim now includes: "deriving a security 
cookie by XORing a secret value with each of the values retrieved from a jmp_buf buffer, the 
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retrieved values precluding a first security cookie that has been stored previously in the jmp_buf 
buffer." This aspect, which has been described in Applicants' original specification for example 
in paragraphs [0046] and [0047], is neither taught nor suggested in the cited references, 
individually or combinedly. It may be pertinent to point out that Richarte does disclose the use of 
an XOR random canary in his page 27 (section 4 titled "Notes on random canary") and 
elsewhere, wherein the random canary is described as follows: "The idea of a random canary is 
to generate a different canary every time it's used, reducing he chances of guessing it." 
However, it is clear that Richarte does not use a security cookie that is derived by XORing a 
secret value with jmpbuffer values as cited in Applicants' amended claim 10. 

In summary, Applicants respectfully submit that the cited references of Lueh and 
Richarte, individually and/or combinedly, fail to teach or suggest various aspects of Applicants 
claim 10 thereby making the claim allowable at least in currently amended form. Consequently, 
Applicants request withdrawal of the rejection followed by allowance of the claim. 

Claims 11. 14. 15. 41. 43 and 44 

Applicants respectfully submit that claims 11, 14, 15, 41, 43, and 44 are allowable for at 
least the reasons that these claims are dependent on allowable claim 10. Consequently, 
Applicants respectfully request withdrawal of the rejection followed by allowance of these 
claims. 

Claim 19 

Applicants have opted to currently amend rejected independent claim 19 in order to move 
forward prosecution in the case. As amended, the claim now includes: "an identifier indicating 
that the executable comprises an object file containing a list of valid target addresses for use in 
implementing runtime protection." Certain remarks (pertaining to the identifier) made above in 
response to the rejection of claim 1 are equally pertinent to the rejection of claim 19 as well. 
However, in the interest of brevity these remarks will not be repeated herein. In short, Applicants 
respectfully submit that cited references of Lueh and Richarte, individually and/or combinedly, 
fail to teach or suggest various aspects of Applicants claim 1 9 thereby making the claim 
allowable at least in currently amended form. Consequently, Applicants request withdrawal of 
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the rejection followed by allowance of the claim. 
Claims 20, 23, 28, and 45-49 

Applicants respectfully submit that claims 20, 23, 28, and 45-49 are allowable for at least 
the reasons that these claims are dependent on independent claim 19 that is allowable. 
Consequently, Applicants respectfully request withdrawal of the rejection followed by allowance 
of these claims. 

Remarks pertaining to new claims 50 and 51 

Applicants respectfully submit that claims 50 and 51 are allowable over the cited 
references. Furthermore, these claims are also allowable due to their dependency on allowable 
claim 1. Consequently, Applicants respectfully request allowance of these claims. 

Cited Art Made of Record 

The cited art made of record has been considered, but is not believed to affect the 
patentability of the presently pending claims. 
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CONCLUSION 

Applicants respectfully submit that pending claims 1, 2, 6, 10, 1 1, 15, 19, 20, 23, 28, 37- 
41, and 43-51 are allowable. Favorable reconsideration and allowance of the present application 
and all pending claims are hereby courteously requested. If, in the opinion of the Examiner, a 
telephonic conference would expedite the examination of this matter, the Examiner is invited to call 
the undersigned representative 



Date: January 14, 2009 



Woodcock Washburn LLP 
Cira Centre 

2929 Arch Street, 12th Floor 
Philadelphia, PA 19104-2891 
Telephone: (215)568-3100 
Facsimile: (215) 568-3439 
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/Joseph F. Oriti/ 

Joseph F. Oriti 
Registration No. 47,835 



